CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-7172
https://notcve.org/view.php?id=CVE-2013-7172
21 Nov 2019 — Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges. Slackware versiones 13.1, 13.37, 14.0 y 14.1, contienen permisos de tipo world-writable en los programas iodbctest y iodbctestw dentro del paquete libiodbc, lo que podría permitir a usuarios locales usar información de RPATH para ejecutar código arbitrario con privil... • http://www.openwall.com/lists/oss-security/2013/12/20/1 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 23%CPEs: 2EXPL: 0CVE-2013-7171
https://notcve.org/view.php?id=CVE-2013-7171
21 Nov 2019 — Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges. Slackware versiones 14.0 y 14.1, y Slackware LLVM versiones 3.0-i486-2 y 3.3-i486-2, contienen permisos de tipo world-writable en el directorio /tmp que podrían permitir a atacantes remotos ejecutar código arbitrario con privilegios de root. • http://www.openwall.com/lists/oss-security/2013/12/20/1 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-9336 – Slackware Security Advisory - openvpn Updates
https://notcve.org/view.php?id=CVE-2018-9336
27 Apr 2018 — openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation. openvpnserv.exe (también conocido como interactive service helper) en OpenVPN en versiones 2.4.x anteriores a la 2.4.6 permite que un atacante local provoque una doble liberaci... • http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761 • CWE-415: Double Free •
CVSS: 7.5EPSS: 6%CPEs: 23EXPL: 0CVE-2018-7184 – Ubuntu Security Notice USN-3707-1
https://notcve.org/view.php?id=CVE-2018-7184
01 Mar 2018 — ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. ntpd en ntp, en versiones 4.2.8p4 anteriores a la 4.2.8p11, envía paquetes malos antes de actualizar la marca de tiempo "received"... • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html •
CVSS: 10.0EPSS: 2%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 1%CPEs: 56EXPL: 0CVE-2007-1352 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1352
06 Apr 2007 — Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. Desbordamiento de entero en la función FontFileInitTable en X.Org libXfont versiones anteriores a 20070403 permite a usuarios remotos autenticados ejecutar código de su elección mediante una primera línea larga en el fichero fonts.dir, lo cual resulta en un desbordamiento de montón. • http://issues.foresightlinux.org/browse/FL-223 •
CVSS: 7.8EPSS: 4%CPEs: 21EXPL: 3CVE-2004-0940 – Apache 1.3.31 mod_include - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0940
26 Oct 2004 — Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. • https://www.exploit-db.com/exploits/587 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 10.0EPSS: 5%CPEs: 42EXPL: 0CVE-2004-0891
https://notcve.org/view.php?id=CVE-2004-0891
21 Oct 2004 — Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. • http://gaim.sourceforge.net/security/?id=9 •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0880
https://notcve.org/view.php?id=CVE-2004-0880
24 Sep 2004 — getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. • http://marc.info/?l=bugtraq&m=109571883130372&w=2 •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0881
https://notcve.org/view.php?id=CVE-2004-0881
24 Sep 2004 — getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. • http://marc.info/?l=bugtraq&m=109571883130372&w=2 •